Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

This program is a special bonus for the 400 people coming to the SCADA Security Summit in Orlando (http://www.sans.org/scadasummit06/), to help them get a solid grounding in SCADA security before the Summit. But we are opening it up to everyone. It covers how control systems are being exploited and how exploits are changing and much more.

There is no cost. Just register and get online early.

*************************************************************************
World-Class Security Training Opportunities in the Next Few Weeks

SANS 2006 in Orlando (Feb 24 - March 4): 36 tracks of extraordinary training, the best instructors in the world, and a great security tools exposition. Lots of people are bringing their families to Orlando to join them at the end of the program. Plus: San Francisco, Phoenix, St. Louis, Brisbane, Tokyo, Ottawa.

Or you can take SANS training anytime, anywhere with the new SANS On Demand. Details on these and other programs: http://www.sans.org/index.php
*************************************************************************

TOP OF THE NEWS

Judge Dismisses Data Negligence Case (15 February 2006)

A US District Judge has thrown out a lawsuit brought by an individual against a student loan company for not encrypting a customer database that was on a laptop computer stolen from the home of a financial analyst. Stacy Lawton Guin maintained that the company was required to encrypt the data under the Gramm-Leach-Bliley Act, but the judge determined that GLB does not require data encryption and that the company "had a written security policy and other 'proper safeguards' for customers' information."
-http://software.silicon.com/security/0,39024655,39156463,00.htm
[Editor's Note (Schultz and others): This ruling is unfortunate. Encryption of data is not sufficient to protect data from unauthorized disclosure, but it is one of the most fundamental measures in achieving this goal.]

Cleveland State University and Johnson Controls, a manufacturing company, have both banned the use of Google Desktop 3 on their computer systems. The software has a new feature, Search Across Computers, that does what its name suggests while also storing copies of users' files on Google servers for up to 30 days. For the University, which is required to comply with laws like the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA), the security risk of having data on public servers is too great. Similarly, Johnson Controls handles government contracts that include secure, classified information and its own intellectual property.
-http://www.zdnet.co.uk/print/?TYPE=story&AT=39252738-39020375t-10000007c
[Editor's Note (Weatherford): This is more than just a bad idea because, as the article notes, the possibility of violating federal regulations is not trivial, and voluntarily losing control of your data and intellectual property doesn't look good on a resume!]

US Lawmakers Lambaste US Tech Firms for Submitting to Censorship Pressure Abroad (16/15 February 2006)

At a US House of Representatives Committee on International Relations hearing this week, US lawmakers took four US companies to task for their business practices in China. Microsoft, Yahoo, Google and Cisco Systems were criticized for bowing to pressure from the Chinese government as manifested in censoring web sites and providing the Chinese government with customer information that led to arrests. Legislators asserted that the companies appeared to be motivated by profits and that they neglected "social responsibility." The companies welcome the US government's guidance in their efforts to "expand in nations with poor human rights records," but cautioned that pulling out of those countries could encourage the growth of competitors that do not share the US government's concerns.
-http://news.bbc.co.uk/2/hi/technology/4699242.stm (Please note: this site requires free registration)
-http://www.washingtonpost.com/wp-dyn/content/article/2006/02/15/AR2006021500301_pf.html
-http://www.theregister.co.uk/2006/02/16/china_committee/print.html
-http://www.computerworld.com/printthis/2006/0,4814,108725,00.html
-http://www.usatoday.com/tech/news/techpolicy/2006-02-15-hearing_x.htm
[Editor's Note (Grefer): Why is it that what's good for the goose is not good for the gander? Apparently censorship and release of personally identifiable information to the government is a Bad Thing (tm) when done in China, but a "necessity" when done in the U.S.
(Schultz): All the rhetoric of this House of Representatives Committee is, unfortunately, likely to do little or no good. These vendors will inevitably continue to do business in China as they have in the past. Regulations or statutes that rein in these business practices that are created and put into effect would in contrast make a huge difference.
(Weatherford): While they insist that they "comply with legally binding orders", most people see this as a moral issue and not a legal one.]

AT&T Suing Nonprofit Organization for Fraudulent Long Distance Calls Made Through its System (9 February 2006)

AT&T is suing a Salt Lake City-based nonprofit for long distance telephone charges it did not make. AT&T acknowledges that the organization, HealthInsight, did not make the calls in question, but says the company had been warned that attackers were using their systems and did not take adequate steps to prevent the unauthorized usage from happening. The attackers apparently made more than US$25,500 worth of phone calls through HealthInsight's system. AT&T is seeking the amount owed plus interest and legal costs.
-http://www.sltrib.com/business/ci_3489614

*************************** Sponsored Links: ****************************

4) The e-Crime Congress in London, March 30-31, will examine the global issues and give a frank appraisal of the present state of 'the online nation' and assess the challenges and collective progress being made in the fight against hi-tech crime. More than 500 attendees are expected at this 4th annual event. They include Heads of Risk, Group Information Security, Director of Security, IT Security & Audit, IT Forensics, Fraud Investigations, Global Security Operations, COO, CTO, Financial Crime, Computer Audit. Special rates for SANS NewsBites subscribers: save EUR100. Please enter the code SANS06. http://www.e-crimecongress.org/ecrime2006/website.asp
*************************************************************************

THE REST OF THE WEEK'S NEWS

ARRESTS, CONVICTIONS AND SENTENCES

Alleged NASA Cyber Attacker Seeks Assurance he Will Not be Tried Under Military Law (16/14 February 2006)

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES

Trojan for Mac OS X Released (16 February 2006)

A link to proof-of-concept malicious code for Mac OS X has appeared on the Internet. The Trojan pretends to be screenshots of OS X "Leopard" 10.5. While it tries to send itself out to other machines through the iChat instant messaging system, it does not harm the system it has infected.
-http://www.securityfocus.com/brief/142
[Editors' Note (Multiple): The proof of concept status has been upgraded to "in the wild." It is no longer a theoretical threat - it's real.]

ATTACKS & INTRUSIONS & DATA THEFT

New Hampshire State Computer System Data Breach (15 February 2006)

New Hampshire Governor John Lynch said the security of the state's computer system has been breached. The attackers may have been seeking credit card account information belonging to New Hampshire residents. The security breach involved computer and in-person transactions at motor vehicle offices, state liquor stores and other locations. People who have used credit cards for transactions with the state over the last six months are advised to scrutinize their statements for unauthorized transactions. The breach came to light when state technology experts found monitoring software installed on the system.
-http://www.washingtonpost.com/wp-dyn/content/article/2006/02/15/AR2006021502764_pf.html
[Editor's Note (Pescatore): This story points out one of the biggest problems in how many enterprises reacted to worms and phishing attacks: they focused on patch management and the elusive "user education" and did not follow up to see if any malicious payloads had been installed. Checking to see if their computers are patched, and blocking access to known phishing URLs, is just part of what has to happen. Looking for dangerous software on internal machines needs to be part of continuous vulnerability management. There are plenty of scanning and network behavior analysis tools that provide this capability.]

Sources are now indicating that the compromised debit cards reported earlier this week are related to two security breaches involving Wal-Mart and OfficeMax. Bank of America, Washington Mutual and a credit union cancelled 200,000 customer debit cards. The FBI and the Secret Service are investigating. Neither store has commented on their connections to the data breach, although Wal-Mart did point to their December 2, 2005 announcement that customer credit card security had been breached at some Sam's Club gas pumps in late September and early October. The FBI also believes that the breach may be connected to an ongoing investigation in Sacramento, CA; that case involves the cancellation of about 1,500 debit cards at the Golden 1 Credit Union.
-http://news.com.com/2102-1029_3-6038405.html?tag=st.util.print
-http://news.com.com/2102-1029_3-6038287.html?tag=st.util.print
[Editor's Note (Weatherford): Sunshine is the best disinfectant, and while it might not be the case here, it looks like they aren't being completely forthcoming... which churns the rumor mill.]

MISCELLANEOUS

State Department to Aid Tech Firms' Struggle with Censorship (15/14/13 February 2006)

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/